Yubico’s director of engineering on defending against phishing

David Hope

David Hope

2 minute read

Yubico’s mission is to make the internet safer for everyone, and at the heart of that is a belief that the best security requires usability. Anyone who accesses the internet is at risk from cybercrime, so YubiKeys are designed to provide phishing-resistant MFA protection for everyone. That’s why YubiKeys are so simple to set up and use, and don’t require additional software to defend against phishing attacks.

While the user experience is simple, the technology underpinning YubiKeys is much more complicated, and has developed considerably since the first prototype was created in 2008. This progress has been thanks to the work of a whole team, located mostly in the U.S. and Sweden. One important member of this team is Dain Nilsson, Yubicos’ director of engineering.

Dain won the inaugural YubiKing developer competition in 2009, while still a student at Stockholm’s prestigious KTH Royal Institute of Technology. He then spent time as a developer at companies including SmartBear Software, before joining Yubico in 2012 as Senior Software Developer. Having experienced–and played a leading role–in the development of the YubiKey over the years, he’s well-placed to explain how authentication technology has advanced. 

Dain recently spoke with IT-säkerhetspodden, a Swedish IT security podcast, hosted by Mattias Jadesköld and Erik Zalitis, in collaboration with Nordlo. Their conversation is a fantastic introduction to the technology behind the YubiKey and what makes it so unique.

You can listen to the full discussion in the podcast here. The episode is in English, aside from a short intro message.

At one point in the episode, there is a very technical discussion about ”Asynchronous Remote Key Generation.” We’ve previously explained this topic on our blog, and for those who are visually-minded, the below illustration can be helpful while listening to the podcast.

Additionally, we’ve put together a video of our highlights, including:

  • How to defend against phishing attacks using the YubiKey?
  • How do YubiKeys help remote workers stay secure?
  • How do I set up my YubiKey for the first time?

Watch the full video below:


, , ,
Talk to our teamTalk to our team

Share this article:
  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day
  • Digital security’s unique role in protecting our environmentAs sustainability expands to include social, economic, and technological challenges, cybersecurity has emerged as a top global threat – with cybercrime projected to cost $12 trillion this year. Stolen credentials and phishing account for 80% of breaches. At Yubico, making the world more secure is just part of how we care for the world around […]Read moreCSREarth DaySecure It ForwardSustainability
  • Breaking down Australia’s plan to combat AI-driven phishing scamsAcross Australia, cybercrime continues to be a major challenge impacting businesses, critical infrastructure and consumers alike. The use of AI by bad actors across the spectrum of cybercrime is on the rise, and as a result, credential phishing scams are becoming increasingly sophisticated. AI is effectively helping to lower the cost of phishing and increase […]Read moreAIAPACAustraliaphishing